Monitor mode for broadcom - motorola cliq

[r0adki111]

hey guys hope this is the right section.  I have successfully installed debian linux and aircrack-ng on my motorola cliq phone.  The problem I am having is that I cannot enable monitor mode for my wireless card.  Any suggestions?  Here is the info on the card. 

broadcom sdio:

manf=Broadcom
productname=802.11b/g SDIO
vendid=0x14e4
devid=0x431c

It works fine and if I type in an iwconfig I get all the information for "eth0" connected to my wireless network.  How can I get this into monitor mode?  Or is it even supported on this card?  Thanks. 

Results of airmon-ng:

Interface                                 Chipset                               Driver

eth0                                        Unknown                                  Unknown <MONITOR MODE NOT SUPPORTED>

[Mister_X]

could you get us the result of the following commands:
- iwconfig
- iwpriv
- lspci and lsusb
- lsmod

[r0adki111]

localhost:/# iwconfig
iwconfig
lo        no wireless extensions.

dummy0    no wireless extensions.

rmnet0    no wireless extensions.

rmnet1    no wireless extensions.

rmnet2    no wireless extensions.

usb0      no wireless extensions.

eth0      IEEE 802.11-DS  ESSID:"geekaid96744"  Nickname:""
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:18:39:47:A4:AF
          Bit Rate=54 Mb/s   Tx-Power:32 dBm
          Retry min limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Managementmode:All packets received
          Link Quality=5/5  Signal level=-55 dBm  Noise level=-92 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:3  Invalid misc:0   Missed beacon:0

localhost:/# iwpriv
iwpriv
lo        no private ioctls.

dummy0    no private ioctls.

rmnet0    no private ioctls.

rmnet1    no private ioctls.

rmnet2    no private ioctls.

usb0      no private ioctls.

eth0      Available private ioctls :
          SCAN-ACTIVE      (8BE1) : set   0       & get  80 char
          RSSI             (8BE3) : set   0       & get  80 char
          SCAN-PASSIVE     (8BE5) : set   0       & get  80 char
          LINKSPEED        (8BE7) : set   0       & get  80 char
          Macaddr          (8BE9) : set   0       & get  80 char
          STOP             (8BEB) : set   0       & get  80 char
          START            (8BED) : set   0       & get  80 char

localhost:/# lspci
lspci
bash: lspci: command not found
localhost:/# lsusb
lsusb
bash: lsusb: command not found
localhost:/# lsmod
lsmod
Module                  Size  Used by
dhd                   164936  0
localhost:/#



For some reason lspci and lsusb don't work.

[Mister_X]

Does lsstdio exist? could you tell me what is the result of "ls /sbin/ls*".

Is there anything in '/sys/class/net/': eth0? if yes then could you go further and tell us what are its subdirectories and files.

[r0adki111]

localhost:/# su
su
localhost:/# lsstdio
lsstdio
bash: lsstdio: command not found
localhost:/# ls /sbin/ls*
ls /sbin/ls*
/sbin/lsmod
localhost:/# cd /sys/class/net
cd /sys/class/net
localhost:/sys/class/net# cd eth0
cd eth0
localhost:/sys/class/net/eth0# ls
ls
addr_len   carrier  features  iflink     operstate   subsystem     uevent
address    dev_id   flags     link_mode  power       tx_queue_len  wireless
broadcast  dormant  ifindex   mtu        statistics  type
localhost:/sys/class/net/eth0#

[Mister_X]

could you do a "ls -al /sys/class/eth0" and also give me the content of all subdirectories (ls -al). Make sure to look inside wireless (if it's a directory).

[r0adki111]

cd eth0
sh-3.2# ls -al
ls -al
total 0
drwxr-xr-x 5 root root    0 Jan  2 21:37 .
drwxr-xr-x 9 root root    0 Jan  2 21:37 ..
-r--r--r-- 1 root root 4096 Jan  2 21:37 addr_len
-r--r--r-- 1 root root 4096 Jan  2 21:37 address
-r--r--r-- 1 root root 4096 Jan  2 21:37 broadcast
-r--r--r-- 1 root root 4096 Jan  2 21:37 carrier
-r--r--r-- 1 root root 4096 Jan  2 21:37 dev_id
-r--r--r-- 1 root root 4096 Jan  2 21:37 dormant
-r--r--r-- 1 root root 4096 Jan  2 21:37 features
-rw-r--r-- 1 root root 4096 Jan  2 21:37 flags
-r--r--r-- 1 root root 4096 Jan  2 21:37 ifindex
-r--r--r-- 1 root root 4096 Jan  2 21:37 iflink
-r--r--r-- 1 root root 4096 Jan  2 21:37 link_mode
-rw-r--r-- 1 root root 4096 Jan  2 21:37 mtu
-r--r--r-- 1 root root 4096 Jan  2 21:37 operstate
drwxr-xr-x 2 root root    0 Jan  2 21:37 power
drwxr-xr-x 2 root root    0 Jan  2 21:37 statistics
lrwxrwxrwx 1 root root    0 Jan  2 21:37 subsystem -
-rw-r--r-- 1 root root 4096 Jan  2 21:37 tx_queue_le
-r--r--r-- 1 root root 4096 Jan  2 21:37 type
-rw-r--r-- 1 root root 4096 Jan  2 21:37 uevent
drwxr-xr-x 2 root root    0 Jan  2 21:37 wireless
sh-3.2# cd wireless
cd wireless
sh-3.2# ls
ls
beacon  crypt  fragment  level  link  misc  noise  n
sh-3.2# ls -al
ls -al
total 0
drwxr-xr-x 2 root root    0 Jan  2 21:37 .
drwxr-xr-x 5 root root    0 Jan  2 21:37 ..
-r--r--r-- 1 root root 4096 Jan  2 21:37 beacon
-r--r--r-- 1 root root 4096 Jan  2 21:37 crypt
-r--r--r-- 1 root root 4096 Jan  2 21:37 fragment
-r--r--r-- 1 root root 4096 Jan  2 21:37 level
-r--r--r-- 1 root root 4096 Jan  2 21:37 link
-r--r--r-- 1 root root 4096 Jan  2 21:37 misc
-r--r--r-- 1 root root 4096 Jan  2 21:37 noise
-r--r--r-- 1 root root 4096 Jan  2 21:37 nwid
-r--r--r-- 1 root root 4096 Jan  2 21:37 retries
-r--r--r-- 1 root root 4096 Jan  2 21:37 status
sh-3.2#

[Mister_X]

what is the content of each file in the wireless directory? and also the content of the flags file?

[r0adki111]

I'm having a hard time editing the files since I'm not very familiar with "vi" and cannot get another "easier to use" file editor to run on my debian install.  I have no gui so I don't think gedit or anything like that will work.  I'll keep trying.  Thanks.

[hatake_kakashi]

I don't think or expect to see support for these devices for a long while. The driver you are using I suspect would be a broadcom proprietary driver which may lack such functionalities.

As for the use of a more opensourced derivative, the b43, that chipset is not listed anywhere on their page: http://wireless.kernel.org/en/users/Drivers/b43. In other words don't expect rfmon to appear for a long long while until maybe broadcom gets rid of its adamant attitude towards the alternative platform community.

[r0adki111]

That's basically what I was thinking.  Just thought I'd ask and see if anyone knew something different.  Thanks.

[LatinSuD]

If it's a BCM4329 there's a chance.

This is from the Nexus One kernel tree.

I wonder what would happen if you put this:
http://android.git.kernel.org/?p=kernel/msm.git;a=blob;f=drivers/net/wireless/bcm4329/include/wlioctl.h;h=751d5cdaff76485fbcfada2bd149527418e2f6bf;hb=refs/heads/android-msm-2.6.29-nexusone#l539

...Into this:
http://android.git.kernel.org/?p=kernel/msm.git;a=blob;f=drivers/net/wireless/bcm4329/wl_iw.c;h=cd387b1ae1641ca29809e6ef1acd419c2a0f66fe;hb=refs/heads/android-msm-2.6.29-nexusone#l1062

[LatinSuD]

I already have tcpdump running 
http://junxian-huang.blogspot.com/2009/03/finally-tcpdump-on-gphone-g1-android.html

Code:

# tcpdump -s0 -nnXXi tiwlan0
9:28:59.528932 IP 192.168.33.44 > 192.168.33.1: ICMP echo request, id 24581, seq 1, length 64
0x0000:  0060 b3xx xxxx 0018 41xx xxxx 0800 4500  .`�-.;..A�.�..E.
0x0010:  0054 0000 4000 4001 772b c0a8 212c c0a8  .T..@.@.w+��!,��
0x0020:  2101 0800 5fcf 6005 0001 ebca 484b 1111  !..._�`...��HK..
0x0030:  0800 0809 0a0b 0c0d 0e0f 1011 1213 1415  ................
0x0040:  1617 1819 1a1b 1c1d 1e1f 2021 2223 2425  ...........!"#$%
0x0050:  2627 2829 2a2b 2c2d 2e2f 3031 3233 3435  &'()*+,-./012345
0x0060:  3637                                     67

Now we only need to set card in monitor mode.

[jdmark]

Was any progress made?

[haxxo]

bump, any new developments?